HAVE VIRUS ISSUE - PLEASE HELP - TechRepublic
Question
April 10, 2010 at 03:36 PM
cruzequities

by cruzequities . Updated 15 years, 3 months ago

I had/have the Virus Protector bug on my system, and performed ALL of the removal procedures involved to get rid of this pesky bug. Problem is, I get REDIRECTED to other sites regularly. I've used HijackThis to verify what files I have on my machine (log below) and the only thing I can see that might be the problem is an lsass.exe that is running in the background. Attempted to End the process for this program and tried to delete this file from its location, but to no avail. Anyone with a CLEAR understanding of HijackThis & systems, please advise.

HEEEEEEEEEEEEEEEELP! 🙁

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:34 PM, on 4/10/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\DOCUME~1\THINKP~1\LOCALS~1\Temp\RarSFX2\RegCure.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B7C04D2-0898-43A3-B374-B7AFA580EA23}: NameServer = 93.188.163.113,93.188.161.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A5AF047-9CE4-40A2-8954-F491000044CC}: NameServer = 93.188.163.113,93.188.161.83
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.113,93.188.161.83
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.113,93.188.161.83
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.113,93.188.161.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.113,93.188.161.83
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7215 bytes
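
An added example, not part of the original post: a small triage script for a HijackThis log that pulls out the two things this question turns on, the DNS servers recorded on the O17 lines (DNS settings decide where hostnames resolve, so they are the lines to review for a redirect symptom) and the directory lsass.exe is running from. The sample lines are copied from the log above; the function names and the expected directory `C:\WINNT\system32` are assumptions of the example.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B7C04D2-0898-43A3-B374-B7AFA580EA23}: NameServer = 93.188.163.113,93.188.161.83
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.113,93.188.161.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.113,93.188.161.83
"""

# "O17 <sep> <registry key>: NameServer = a,b"; <sep> is "-" in a clean log.
O17_RE = re.compile(r"^O17\s+\S+\s+(?P<key>.+?):\s*NameServer\s*=\s*(?P<servers>.*)$")
# Only the "Running processes" section has lines that start with a drive path.
PATH_RE = re.compile(r"^[A-Za-z]:\\")

def nameserver_groups(log):
    """Map each NameServer tuple to the registry keys that carry it."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = tuple(s.strip() for s in m["servers"].split(",") if s.strip())
            groups[servers].append(m["key"])
    return dict(groups)

def processes_outside(log, name, expected_dir):
    """Running-process paths named `name` that are not in `expected_dir`."""
    hits = []
    for line in log.splitlines():
        path = line.strip()
        if PATH_RE.match(path) and ntpath.basename(path).lower() == name.lower():
            # ntpath.normcase lowercases, so System32 and system32 compare equal.
            if ntpath.normcase(ntpath.dirname(path)) != ntpath.normcase(expected_dir):
                hits.append(path)
    return hits

if __name__ == "__main__":
    for servers, keys in nameserver_groups(SAMPLE_LOG).items():
        print(", ".join(servers), "is set on", len(keys), "Tcpip keys")
    stray = processes_outside(SAMPLE_LOG, "lsass.exe", r"C:\WINNT\system32")
    print("lsass.exe running outside system32:", stray)
```

Each server pair it reports can then be compared with the resolvers the network's router or ISP actually hands out.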
